Please check my log from HJ

IP: 62.233.231.* 12.04.06, 18:04
Logfile of HijackThis v1.99.1
Scan saved at 18:09:35, on 06-04-12
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LXCCPPLS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\LXDBOXCP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\LEXMARK 3300 SERIES\LXCCMON.EXE
C:\WINDOWS\SYSTEM\INTELL321.EXE
C:\PROGRAM FILES\PAYTIME.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ANTIVIRENKIT\AVKWCTL9.EXE
D:\WINWALL\WINWALL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LXCCCOMS.EXE
C:\PROGRAM FILES\ANTIVIRENKIT\AVK.EXE
C:\PROGRAM FILES\ANTIVIRENKIT\AVKSERVICE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\GADU-GADU\GG.EXE
C:\PROGRAM FILES\ASWCLNR.EXE
C:\PROGRAM FILES\ASWCLNR.TMP
C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program
Microsoft Internet Explorer dostarczony przez IDG.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
F1 - win.ini: run=LXDBOXCP.EXE,lxccppls.exe
O1 - Hosts: 127.0.0.5 makethemcry.com
O1 - Hosts: 127.0.0.5 loudcash.com
O1 - Hosts: 127.0.0.5 iframestat.com
O1 - Hosts: 127.0.0.5 toolbarpartner.com
O1 - Hosts: 127.0.0.5 hqcash.com
O1 - Hosts: 127.0.0.5 verybigcash.com
O1 - Hosts: 127.0.0.5 makethemcry.com
O1 - Hosts: 127.0.0.5 moviepartnership.com
O1 - Hosts: 127.0.0.5 callmachine.com
O1 - Hosts: 127.0.0.5 regcash.com
O1 - Hosts: 127.0.0.5 toolbarpartner.com
O1 - Hosts: 127.0.0.5 klikrevenue.com
O1 - Hosts: 127.0.0.5 p2dll.com
O1 - Hosts: 127.0.0.5 t73.com
O1 - Hosts: 127.0.0.5 www.makethemcry.com
O1 - Hosts: 127.0.0.5 www.loudcash.com
O1 - Hosts: 127.0.0.5 www.iframestat.com
O1 - Hosts: 127.0.0.5 www.toolbarpartner.com
O1 - Hosts: 127.0.0.5 www.hqcash.com
O1 - Hosts: 127.0.0.5 www.verybigcash.com
O1 - Hosts: 127.0.0.5 www.makethemcry.com
O1 - Hosts: 127.0.0.5 www.moviepartnership.com
O1 - Hosts: 127.0.0.5 www.callmachine.com
O1 - Hosts: 127.0.0.5 www.regcash.com
O1 - Hosts: 127.0.0.5 www.toolbarpartner.com
O1 - Hosts: 127.0.0.5 www.klikrevenue.com
O1 - Hosts: 127.0.0.5 www.p2dll.com
O1 - Hosts: 127.0.0.5 www.t73.com #
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton
Utilities\Nprotect.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4
\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300
Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax
Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCCCATS] rundll32 \LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [intell321.exe] C:\WINDOWS\SYSTEM\intell321.exe
O4 - HKLM\..\Run: [SysTray] C:\PROGRAM FILES\PAYTIME.EXE
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec
Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVKWCtl] C:\PROGRA~1\ANTIVI~1\AVKWCTL9.EXE
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program
Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton
SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4
\ashServ.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton
AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common
Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Komunikator] D:\TLEN\TLEN.EXE
O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Startup: Winwall Autostart.lnk = D:\Winwall\Winwall.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=www.pcworld.pl
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c18.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.250
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} -
C:\WINDOWS\SYSTEM\nlegnohd.dll

    • Guest: m Re: Please check my log from HJ IP: 62.233.231.* 12.04.06, 18:06
      A sign appeared on the bar with the warning "Your computer is infected" and I don't know
      what to do. :))
      • neder Re: Please check my log from HJ 12.04.06, 18:43
        szukaj.gazeta.pl/szukaj/0,52001.html?VE_szukaj_a=Your+computer+is+infected&ile=15&sort=data_desc&spojnik=and&forum=430&poz=0&A_szukaj=temat&x=6&y=6&zywe=2
        szukaj.gazeta.pl/szukaj/0,52001.html?VE_szukaj_a=Your+computer+is+infected&ile=15&sort=data_desc&spojnik=and&forum=430&poz=0&A_szukaj=tresc&x=13&y=11&zywe=2
        Regards
        • Guest: m Re: Please check my log from HJ IP: 62.233.231.* 12.04.06, 20:17
          I still don't know what to do? :(( I don't know anything about this at all. One last
          question: is this dangerous? Did someone actually break into my computer? Could my
          system crash? Help!!!!!! :D
    • Guest: k Re: Please check my log from HJ IP: *.warszawa.sdi.tpnet.pl 12.04.06, 22:17
      alt+ctrl+del and end:
      C:\WINDOWS\SYSTEM\INTELL321.EXE
      C:\PROGRAM FILES\PAYTIME.EXE

      Delete in HijackThis:
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      c:\secure32.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      c:\secure32.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      c:\secure32.html <- delete the file
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      c:\secure32.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      c:\secure32.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      c:\secure32.html
      R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
      file)
      O1 - Hosts: 127.0.0.5 makethemcry.com
      O1 - Hosts: 127.0.0.5 loudcash.com
      O1 - Hosts: 127.0.0.5 iframestat.com
      O1 - Hosts: 127.0.0.5 toolbarpartner.com
      O1 - Hosts: 127.0.0.5 hqcash.com
      O1 - Hosts: 127.0.0.5 verybigcash.com
      O1 - Hosts: 127.0.0.5 makethemcry.com
      O1 - Hosts: 127.0.0.5 moviepartnership.com
      O1 - Hosts: 127.0.0.5 callmachine.com
      O1 - Hosts: 127.0.0.5 regcash.com
      O1 - Hosts: 127.0.0.5 toolbarpartner.com
      O1 - Hosts: 127.0.0.5 klikrevenue.com
      O1 - Hosts: 127.0.0.5 p2dll.com
      O1 - Hosts: 127.0.0.5 t73.com
      O1 - Hosts: 127.0.0.5 www.makethemcry.com
      O1 - Hosts: 127.0.0.5 www.loudcash.com
      O1 - Hosts: 127.0.0.5 www.iframestat.com
      O1 - Hosts: 127.0.0.5 www.toolbarpartner.com
      O1 - Hosts: 127.0.0.5 www.hqcash.com
      O1 - Hosts: 127.0.0.5 www.verybigcash.com
      O1 - Hosts: 127.0.0.5 www.makethemcry.com
      O1 - Hosts: 127.0.0.5 www.moviepartnership.com
      O1 - Hosts: 127.0.0.5 www.callmachine.com
      O1 - Hosts: 127.0.0.5 www.regcash.com
      O1 - Hosts: 127.0.0.5 www.toolbarpartner.com
      O1 - Hosts: 127.0.0.5 www.klikrevenue.com
      O1 - Hosts: 127.0.0.5 www.p2dll.com
      O1 - Hosts: 127.0.0.5 www.t73.com #
      O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
      O4 - HKLM\..\Run: [intell321.exe] C:\WINDOWS\SYSTEM\intell321.exe <- delete the file
      O4 - HKLM\..\Run: [SysTray] C:\PROGRAM FILES\PAYTIME.EXE <- delete the file
      O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe" <- delete the file from disk
      O4 - Startup: Winwall Autostart.lnk = D:\Winwall\Winwall.exe <-
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - C:\WINDOWS\web\related.htm
      O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
      static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c18.cab
      O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} -
      C:\WINDOWS\SYSTEM\nlegnohd.dll <- delete the file


      Also run a scan with Spybot and Ad-Aware.
      • Guest: m Re: Please check my log from HJ IP: 62.233.231.* 13.04.06, 14:24
        I did what you wrote, but I don't know if I did it right. Help!!!!! :))

        Logfile of HijackThis v1.99.1
        Scan saved at 14:29:36, on 06-04-13
        Platform: Windows 98 SE (Win9x 4.10.2222A)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\SYSTEM\KERNEL32.DLL
        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
        C:\WINDOWS\SYSTEM\SPOOL32.EXE
        C:\WINDOWS\SYSTEM\MPREXE.EXE
        C:\WINDOWS\SYSTEM\MDM.EXE
        C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
        C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
        C:\WINDOWS\SYSTEM\MSTASK.EXE
        C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
        C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
        C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
        C:\WINDOWS\SYSTEM\RPCSS.EXE
        C:\WINDOWS\SYSTEM\LXCCPPLS.EXE
        C:\WINDOWS\SYSTEM\mmtask.tsk
        C:\WINDOWS\SYSTEM\LXDBOXCP.EXE
        C:\WINDOWS\TASKMON.EXE
        C:\WINDOWS\SYSTEM\SYSTRAY.EXE
        C:\WINDOWS\RUNDLL32.EXE
        C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
        C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
        C:\PROGRAM FILES\LEXMARK 3300 SERIES\LXCCMON.EXE
        C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
        C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
        C:\PROGRAM FILES\ANTIVIRENKIT\AVKWCTL9.EXE
        D:\WINWALL\WINWALL.EXE
        C:\WINDOWS\SYSTEM\LXCCCOMS.EXE
        C:\WINDOWS\SYSTEM\WMIEXE.EXE
        C:\PROGRAM FILES\ANTIVIRENKIT\AVKSERVICE.EXE
        C:\WINDOWS\SYSTEM\DDHELP.EXE
        C:\WINDOWS\EXPLORER.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program
        Microsoft Internet Explorer dostarczony przez IDG.pl
        F1 - win.ini: run=LXDBOXCP.EXE,lxccppls.exe
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
        O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
        Files\Norton AntiVirus\NavShExt.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\SYSTEM\MSDXM.OCX
        O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
        C:\Program Files\Norton AntiVirus\NavShExt.dll
        O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
        O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
        O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
        O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton
        Utilities\Nprotect.exe
        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
        O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
        C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
        C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
        O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
        O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300
        Series\lxccmon.exe"
        O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax
        Solutions\fm3032.exe" /s
        O4 - HKLM\..\Run: [LXCCCATS] rundll32 \LXCCtime.dll,_RunDLLEntry@16
        O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec
        Shared\CCPD-LC\symlcsvc.exe start
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
        Shared\ccApp.exe"
        O4 - HKLM\..\Run: [AVKWCtl] C:\PROGRA~1\ANTIVI~1\AVKWCTL9.EXE
        O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
        O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program
        Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
        O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton
        Utilities\Nprotect.exe
        O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
        O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4
        \ashServ.exe
        O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec
        Shared\ccEvtMgr.exe"
        O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec
        Shared\ccSetMgr.exe"
        O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton
        AntiVirus\IWP\NPFMntor.exe
        O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common
        Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
        O4 - HKCU\..\Run: [Komunikator] D:\TLEN\TLEN.EXE
        O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
        O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office\OSA9.EXE
        O14 - IERESET.INF: START_PAGE_URL=www.pcworld.pl
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
        acs.pandasoftware.com/activescan/as5free/asinst.cab
        O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.250

        • Guest: m Re: Please check my log from HJ IP: 62.233.231.* 13.04.06, 14:27
          I tried to scan using Ad-Aware. It detects 128 viruses.
          But when I try to remove them it hangs, well, maybe it doesn't hang, but a bar
          appears and it takes terribly long. Is it supposed to be like that? Sorry for such
          questions, but I'm slow when it comes to these things. :)
        • Guest: k Re: Please check my log from HJ IP: *.warszawa.sdi.tpnet.pl 13.04.06, 14:44
          Keep only one antivirus, so uninstall Norton and avast and keep
          AntiVirenKit, or uninstall AntiVirenKit and keep avast.

          Also delete this:
          O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe" <- delete the ibm file from
          disk.

          Maybe scan with Spybot first, and only afterwards with Ad-Aware.

          • Guest: m Re: Please check my log from HJ IP: 62.233.231.* 13.04.06, 18:56
            And now? I know I'm being a bore, but I have to fix this because I need the computer.


            Logfile of HijackThis v1.99.1
            Scan saved at 19:02:34, on 06-04-13
            Platform: Windows 98 SE (Win9x 4.10.2222A)
            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

            Running processes:
            C:\WINDOWS\SYSTEM\KERNEL32.DLL
            C:\WINDOWS\SYSTEM\MSGSRV32.EXE
            C:\WINDOWS\SYSTEM\SPOOL32.EXE
            C:\WINDOWS\SYSTEM\MPREXE.EXE
            C:\WINDOWS\SYSTEM\MDM.EXE
            C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
            C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
            C:\WINDOWS\SYSTEM\MSTASK.EXE
            C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
            C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
            C:\WINDOWS\TEMP\NAV\NAV\IWP\APP\NPFMNTOR.EXE
            C:\WINDOWS\SYSTEM\RPCSS.EXE
            C:\WINDOWS\SYSTEM\LXCCPPLS.EXE
            C:\WINDOWS\SYSTEM\mmtask.tsk
            C:\WINDOWS\SYSTEM\LXDBOXCP.EXE
            C:\WINDOWS\TASKMON.EXE
            C:\WINDOWS\SYSTEM\SYSTRAY.EXE
            C:\WINDOWS\RUNDLL32.EXE
            C:\PROGRAM FILES\LEXMARK 3300 SERIES\LXCCMON.EXE
            C:\PROGRAM FILES\PAYTIME.EXE
            C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
            C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
            C:\PROGRAM FILES\ANTIVIRENKIT\AVKWCTL9.EXE
            D:\WINWALL\WINWALL.EXE
            C:\WINDOWS\SYSTEM\WMIEXE.EXE
            C:\WINDOWS\SYSTEM\LXCCCOMS.EXE
            C:\WINDOWS\EXPLORER.EXE
            D:\GADU-GADU\GG.EXE
            C:\WINDOWS\SYSTEM\DDHELP.EXE
            C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
            c:\secure32.html
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program
            Microsoft Internet Explorer dostarczony przez IDG.pl
            F1 - win.ini: run=LXDBOXCP.EXE,lxccppls.exe
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
            O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
            C:\WINDOWS\TEMP\NAV\NAV\External\NORTON\APP\NAVShExt.dll
            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
            \SPYBOT~1\SDHELPER.DLL
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\SYSTEM\MSDXM.OCX
            O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
            C:\WINDOWS\TEMP\NAV\NAV\External\NORTON\APP\NAVShExt.dll
            O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
            O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
            O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
            O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
            powrprof.dll,LoadCurrentPwrScheme
            O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton
            Utilities\Nprotect.exe
            O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
            O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
            C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
            C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300
            Series\lxccmon.exe"
            O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax
            Solutions\fm3032.exe" /s
            O4 - HKLM\..\Run: [LXCCCATS] rundll32 \LXCCtime.dll,_RunDLLEntry@16
            O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec
            Shared\CCPD-LC\symlcsvc.exe start
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
            Shared\ccApp.exe"
            O4 - HKLM\..\Run: [AVKWCtl] C:\PROGRA~1\ANTIVI~1\AVKWCTL9.EXE
            O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
            O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program
            Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
            O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton
            Utilities\Nprotect.exe
            O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
            O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec
            Shared\ccEvtMgr.exe"
            O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec
            Shared\ccSetMgr.exe"
            O4 - HKLM\..\RunServices: [NPFMonitor]
            C:\WINDOWS\TEMP\NAV\NAV\IWP\App\NPFMntor.exe
            O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common
            Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
            O4 - HKCU\..\Run: [Komunikator] D:\TLEN\TLEN.EXE
            O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
            Office\Office\OSA9.EXE
            O14 - IERESET.INF: START_PAGE_URL=www.pcworld.pl
            O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
            acs.pandasoftware.com/activescan/as5free/asinst.cab
            O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.250

            • Guest: k Re: Please check my log from HJ IP: *.warszawa.sdi.tpnet.pl 13.04.06, 19:15
              C:\PROGRAM FILES\PAYTIME.EXE <- you were supposed to delete this file, and end it beforehand.

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
              c:\secure32.html <- and this too.

              Now I'm telling you for the last time: UNINSTALL NORTON!
              • Guest: m Re: Please check my log from HJ IP: 62.233.231.* 17.04.06, 17:56
                Me again :) Norton doesn't have this option: uninstall. I don't know what
                happened. Can it be removed "manually" somehow? I checked with CounterSpy, because
                Ad-Aware kept hanging. 15 trojans were detected, but they were probably removed.
                This is the new log. Thanks.

                Logfile of HijackThis v1.99.1
                Scan saved at 18:00:19, on 06-04-17
                Platform: Windows 98 SE (Win9x 4.10.2222A)
                MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                Running processes:
                C:\WINDOWS\SYSTEM\KERNEL32.DLL
                C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                C:\WINDOWS\SYSTEM\SPOOL32.EXE
                C:\WINDOWS\SYSTEM\MPREXE.EXE
                C:\WINDOWS\SYSTEM\MDM.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
                C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
                C:\WINDOWS\SYSTEM\MSTASK.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
                C:\WINDOWS\TEMP\NAV\NAV\IWP\APP\NPFMNTOR.EXE
                C:\WINDOWS\SYSTEM\RPCSS.EXE
                C:\WINDOWS\SYSTEM\LXCCPPLS.EXE
                C:\WINDOWS\SYSTEM\mmtask.tsk
                C:\WINDOWS\EXPLORER.EXE
                C:\WINDOWS\SYSTEM\LXDBOXCP.EXE
                C:\WINDOWS\TASKMON.EXE
                C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                C:\WINDOWS\RUNDLL32.EXE
                C:\PROGRAM FILES\LEXMARK 3300 SERIES\LXCCMON.EXE
                C:\PROGRAM FILES\PAYTIME.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
                C:\PROGRAM FILES\ANTIVIRENKIT\AVKWCTL9.EXE
                C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\SUNSERVER.EXE
                D:\WINWALL\WINWALL.EXE
                C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\SUNPROTECTIONSERVER.EXE
                C:\WINDOWS\SYSTEM\WMIEXE.EXE
                C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\SUNTHREATENGINE.EXE
                C:\WINDOWS\SYSTEM\LXCCCOMS.EXE
                D:\GADU-GADU\GG.EXE
                C:\WINDOWS\SYSTEM\DDHELP.EXE
                C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
                C:\WINDOWS\SYSTEM\PSTORES.EXE
                C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
                C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program
                Microsoft Internet Explorer dostarczony przez IDG.pl
                F1 - win.ini: run=LXDBOXCP.EXE,lxccppls.exe
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
                O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
                C:\WINDOWS\TEMP\NAV\NAV\External\NORTON\APP\NAVShExt.dll
                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                C:\WINDOWS\SYSTEM\MSDXM.OCX
                O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
                C:\WINDOWS\TEMP\NAV\NAV\External\NORTON\APP\NAVShExt.dll
                O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
                powrprof.dll,LoadCurrentPwrScheme
                O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton
                Utilities\Nprotect.exe
                O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
                C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
                C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
                O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300
                Series\lxccmon.exe"
                O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax
                Solutions\fm3032.exe" /s
                O4 - HKLM\..\Run: [LXCCCATS] rundll32 \LXCCtime.dll,_RunDLLEntry@16
                O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec
                Shared\CCPD-LC\symlcsvc.exe start
                O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
                Shared\ccApp.exe"
                O4 - HKLM\..\Run: [AVKWCtl] C:\PROGRA~1\ANTIVI~1\AVKWCTL9.EXE
                O4 - HKLM\..\Run: [SunServer] C:\PROGRAM FILES\SUNBELT
                SOFTWARE\COUNTERSPY\CONSUMER\sunserver.exe
                O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
                O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program
                Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
                O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton
                Utilities\Nprotect.exe
                O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec
                Shared\ccEvtMgr.exe"
                O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec
                Shared\ccSetMgr.exe"
                O4 - HKLM\..\RunServices: [NPFMonitor]
                C:\WINDOWS\TEMP\NAV\NAV\IWP\App\NPFMntor.exe
                O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common
                Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
                O4 - HKCU\..\Run: [Komunikator] D:\TLEN\TLEN.EXE
                O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                Office\Office\OSA9.EXE
                O14 - IERESET.INF: START_PAGE_URL=www.pcworld.pl
                O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
                acs.pandasoftware.com/activescan/as5free/asinst.cab
                O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.250

                • Guest: k Re: Please check my log from HJ IP: *.warszawa.sdi.tpnet.pl 17.04.06, 19:05
                  Remove manually, hm, these need to be ended:
                  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
                  C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
                  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
                  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
                  C:\WINDOWS\TEMP\NAV\NAV\IWP\APP\NPFMNTOR.EXE
                  C:\PROGRAM FILES\PAYTIME.EXE <- why do you still have this?
                  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
                  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

                  Delete in HijackThis:
                  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
                  C:\WINDOWS\TEMP\NAV\NAV\External\NORTON\APP\NAVShExt.dll
                  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
                  C:\WINDOWS\TEMP\NAV\NAV\External\NORTON\APP\NAVShExt.dll
                  O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton
                  Utilities\Nprotect.exe
                  O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec
                  Shared\CCPD-LC\symlcsvc.exe start
                  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
                  Shared\ccApp.exe"
                  O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program
                  Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
                  O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton
                  Utilities\Nprotect.exe
                  O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec
                  Shared\ccEvtMgr.exe"
                  O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec
                  Shared\ccSetMgr.exe"
                  O4 - HKLM\..\RunServices: [NPFMonitor]
                  C:\WINDOWS\TEMP\NAV\NAV\IWP\App\NPFMntor.exe
                  O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common
                  Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

                  But what will come of it, I don't know ;-)
                • neder Re: Please check my log from HJ 17.04.06, 19:10
                  use this
                  forum.gazeta.pl/forum/72,2.html?f=34&w=23300687&a=23301957
                  Regards